Unauthorized LDAP Endpoint Access in SAP Cloud Connector (CVE-2025-42955)
CVE-2025-42955 Published on August 12, 2025
Missing authorization check in SAP Cloud Connector
Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, and hence a low impact on the availability of the service. Confidentiality and integrity of the data are not affected.
Vulnerability Analysis
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2025-42955 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2025-42955
Affected Versions
SAP_SE SAP Cloud Connector Version SAP_CLOUD_CONNECTOR 2.0 is affected by CVE-2025-42955
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.